Description
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of property names in property expressions in increment and decrement expressions allowed attackers to execute arbitrary code in sandboxed scripts.
References (2)
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/09/12/2
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1538
Scores
CVSS v3
4.2
EPSS
0.0016
EPSS Percentile
36.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
Status
published
Products (2)
jenkins/script_security
< 1.62
org.jenkins-ci.plugins/script-security
0 - 1.63 (Maven)
Published
Sep 12, 2019
Tracked Since
Feb 18, 2026